Facebook’s WhatsApp is already facing trouble over the whole fake news issue. It has also rolled out some features to tackle the problem. But the instant messenger now seems to be facing another problem if a nation-wide security alert is to be believed.
Israel has reportedly issued the alert authored by Israel National Cyber Security Authority, mentioning that users of a new way through which their WhatsApp accounts can be hacked.
It has been explained that the new hacking system comes when using the mobile service providers. The hack, as mentioned by ZD Net, targets those who have voicemail accounts. They are recommended to change the password of the service, a majority of which are said to be either 1234 or 0000. Using the flaw, the hacker can hijack your WhatsApp account by adding your number to a new WhatsApp account on a different smartphone.
How does it work?
As a security protocol, WhatsApp will send a security SMS code to the given handset number for authentication. But this layer can be skipped if the user is not near the smartphone, claims Bar-Zik, an Israeli web developer.
It is said that after several failed attempts to get the SMS code, WhatsApp lets users verify the account using a ‘voice verification’. For this, WhatsApp will call on the user’s number and speak the one-time code out loud.
If the user is not near the handset to attend the call, the call with the code goes to the voicemail account. To get the code, the hacker would simply need to enter the correct PIN and get going. This will let the hacker use your WhatsApp account using your own number without any permissions.
The hacker can also prevent the original user from getting back the account by enabling two-step verification.
What’s the solution?
Fortunately, the authority has also mentioned a couple of ways that will prevent hackers from performing the above task. You can simply change the password of the voicemail account to something more complex. The second solution is to enable two-step verification system to make the account extra secure.
WhatsApp is just one of the apps
While the aforementioned issue is related to WhatsApp, this could happen with some other popular social media apps as well. Few months ago a researcher named Martin Vigo showed how this flaw can be used to gain access to user’s Facebook, Google, Twitter, PayPal, eBay and even WordPress accounts.